Vulnerabilities > CVE-2015-2811 - Unspecified vulnerability in SAP Netweaver Enterprise Portal 7.31
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://packetstormsecurity.com/files/132358/SAP-NetWeaver-Portal-7.31-XXE-Injection.html
- http://packetstormsecurity.com/files/132358/SAP-NetWeaver-Portal-7.31-XXE-Injection.html
- http://seclists.org/fulldisclosure/2015/Jun/64
- http://seclists.org/fulldisclosure/2015/Jun/64
- http://www.securityfocus.com/archive/1/535827/100/800/threaded
- http://www.securityfocus.com/archive/1/535827/100/800/threaded
- http://www.securityfocus.com/bid/73691
- http://www.securityfocus.com/bid/73691
- https://erpscan.io/advisories/erpscan-15-006-sap-netweaver-portal-reportxmlviewer-xxe/
- https://erpscan.io/advisories/erpscan-15-006-sap-netweaver-portal-reportxmlviewer-xxe/